jonathan/openssh
1
0
Fork 0
forked from rpms/openssh
Code Pull Requests Activity

Unbreak the seccomp filter also on ARM (#1777054)

Browse Source
This commit is contained in:
Jakub Jelen 2019-11-27 11:15:00 +01:00
parent 7254607b91
commit c28decf412
2 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
openssh-8.1p1-seccomp-nanosleep.patch
View File

@ -19,3 +19,24 @@ index b5cda70b..be239767 100644
SC_ALLOW(__NR__newselect),
#endif
commit 500c30eaf88f26e4a74b06717fe04afec7a7516f
Author: Jakub Jelen <jjelen@redhat.com>
Date: Wed Nov 27 11:06:55 2019 +0100
sandbox-seccomp: Allow clock_nanosleep on ARM
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index be239767..3ef30c9d 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -245,6 +245,9 @@ static const struct sock_filter preauth_insns[] = {
#ifdef __NR_clock_nanosleep
SC_ALLOW(__NR_clock_nanosleep),
#endif
+#ifdef __NR_clock_nanosleep_time64
+ SC_ALLOW(__NR_clock_nanosleep_time64),
+#endif
#ifdef __NR__newselect
SC_ALLOW(__NR__newselect),
#endif

2
openssh.spec
View File

@ -210,7 +210,7 @@ Patch962: openssh-8.0p1-crypto-policies.patch
Patch963: openssh-8.0p1-openssl-evp.patch
# Use OpenSSL KDF (#1631761)
Patch964: openssh-8.0p1-openssl-kdf.patch
# Unbreak seccomp filter with latest glibc (#1771946)
# Unbreak seccomp filter with latest glibc (#1771946, #1777054)
Patch965: openssh-8.1p1-seccomp-nanosleep.patch
License: BSD